CVE-2023-27997
CRITICAL | CISA KEV | 9.8
Description
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 6/13/2023
Last modified: 10/24/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Fortinet
Product: FortiOS and FortiProxy SSL-VPN
Vulnerability name: Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Date added to KEV: 2023-06-13
Remediation due date: 2023-07-04
Ransomware use: Known
Affected products
fortinet:fortigate_6000
fortinet:fortigate_7000
fortinet:fortios
fortinet:fortiproxy
Weaknesses (CWE)
CWE-122, CWE-787
References
https://fortiguard.com/psirt/FG-IR-23-097 (psirt@fortinet.com)
https://fortiguard.com/psirt/FG-IR-23-097 (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27997 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.